UK FCA fines Equifax £11.16m for massive cybersecurity breach in 2017

Rick Steves

The 2017 breach affected approximately 13.8 million UK consumers. Equifax found out about the breach six weeks after its parent company did, learning about the incident just minutes before it went public in the US.

The UK Financial Conduct Authority (FCA) has slapped Equifax Ltd with an £11.16 million fine for its role in one of the largest cybersecurity breaches ever recorded.

The FCA cited the company’s failure to manage and secure the data of UK consumers, which had been outsourced to its US-based parent company, Equifax Inc.

2017 breach affected approximately 13.8 million UK consumers

The 2017 breach affected approximately 13.8 million UK consumers. Hackers gained unauthorized access to a range of personal data, including names, dates of birth, phone numbers, and even partially exposed credit card details. The incident opened up UK consumers to significant risks, including potential identity theft and other financial crimes.

Equifax did not consider its data handling relationship with its American parent company as “outsourcing,” failing therefore to exercise proper oversight. Known vulnerabilities in Equifax Inc’s security systems went unaddressed by Equifax Ltd, further jeopardizing the safety of UK consumer data.

Moreover, Equifax found out about the breach six weeks after its parent company did, learning about the incident just minutes before it went public in the US. This led to significant delays in addressing customer complaints and notifying UK consumers.

Post-breach, Equifax was found to have released public statements that understated the scale of the impact on UK consumers. Furthermore, the company failed to implement quality assurance checks on customer complaints, leading to mishandling and exacerbating consumer distress.

“Financial firms hold data on customers that is highly attractive to criminals”

Therese Chambers, Joint Executive Director of Enforcement and Market Oversight at the FCA, stated, “Financial firms hold data on customers that is highly attractive to criminals. They have a duty to keep it safe and Equifax failed to do so.”

Jessica Rusu, FCA Chief Data, Information, and Intelligence Officer, emphasized the increasing importance of cybersecurity and data protection in financial services. “Firms not only have a technical responsibility to ensure resiliency but also an ethical responsibility in the processing of consumer information,” she said.

Heightened Standards in Data Protection
The FCA mandates that regulated financial firms maintain effective cybersecurity measures and remain responsible for outsourced data. In the wake of breaches, firms are required to promptly notify affected individuals and implement fair complaints handling procedures.

The Equifax case serves as a cautionary tale to other financial institutions, driving home the importance of stringent data protection measures in a digital age increasingly vulnerable to sophisticated cyber threats.

Read this next

Digital Assets

JPMorgan’s stablecoin ventures into interbank transactions

JPMorgan Chase & Co.’s proprietary digital token, JPM Coin, is set to expand its use case by facilitating interbank transactions on Partior, a blockchain ledger developed in collaboration with DBS Bank, Temasek, and Standard Chartered.

Retail FX

Interactive Brokers’ client base surges past 2.5 million

Interactive Brokers LLC (NASDAQ:IBKR) saw 1.89 million daily average revenue trades, or DARTS, in November 2023 compared to 1.93 million transactions in the prior month. The figure is three percent lower on a yearly basis, and also dropped slightly from a month earlier.

Executive Moves

Andrew Gibson launches TimberFX brokerage brand in Cyprus

After nearly two years at Tavira Securities as Head of Product Development, industry veteran Andrew Gibson is launching a new FX brokerage business based out of Cyprus.

Market News

US Dollar’s Trajectory Amidst Seasonal Trends and Economic Indicators in December 2023

As we traverse the final stretch of 2023, the noteworthy depreciation of the US dollar dominates the financial landscape

Inside View

Unlocking the Financial Potential of SMEs: Is FinTech the Key?

The rise of the gig economy for early-stage startups and freelancers has highlighted the increasing importance of small-scale business transactions and banking requirements. Unfortunately, this has also exposed a significant gap in the SME banking landscape.

Digital Assets

South Africa’s FSCA receives 138 crypto license applications

The Financial Sector Conduct Authority (FSCA) of South Africa is currently processing a slew of applications from cryptocurrency companies seeking operational licenses.


Exclusive Interview with Greg Rubin, Head of Axi Select: Unveiling the Future of Capital Allocation in the Financial World

Today, we are thrilled to kickstart another series of exclusive interviews with top executives in the financial services industry, hosted by our FinanceFeeds Editor-in-Chief, Nikolai Isayev. Our next guest is none other than Greg Rubin, the mastermind behind Axi Select.

Digital Assets receives UK’s EMI license, paving way for regulated expansion

Cryptocurrency exchange has been authorized as an Electronic Money Institution by the United Kingdom’s Financial Conduct Authority (FCA).

Digital Assets

Ripple’s Metaco joins Zodia Custody’s network for connectivity with Layers 0 and 1

“As the industry undergoes a pivotal transformation, our networked infrastructure is dedicated to standardise, govern and connect institutional digital asset flows — an essential step in forging use cases that transcend individual companies.”